
Quick Start Security for GCP Cloud Storage

GCP Cloud Storage

Coralogix Extension For GCP Cloud Storage Includes:

Alerts - 4

Stay on top of GCP Cloud Storage key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

A User Was Added to a Bucket IAM Permissions

Summary: This alert gets triggered when a user is added to a bucket or granted access to it. Note: this alert should be configured with the relevant application and subsystem. Define timeframes and conditions that directly align with business objectives.

Impact: A potential threat actor might manipulate the permissions of a storage bucket to compromise the security controls of their target. Alternatively, an administrator could unintentionally alter the permissions, potentially resulting in the exposure or loss of data.

Mitigation: System administrators can adjust permissions for storage buckets. Confirm that any modifications to permissions align with anticipated changes. If unexpected permission changes are identified, remove the user from the bucket access.

MITRE Tactic: TA0005 MITRE Technique: T1222

Suspicious Types of Files Were Uploaded to a Bucket

Summary: This alert gets triggered when an unusual file type is uploaded to a bucket. Note: add the file formats that are legitimate in your environment to the whitelist in the query.

Impact: This suggests that abnormal files have been uploaded to a bucket, posing a potential risk of malicious activity such as bots, malware, trojans, credential harvesting, and command-and-control (C2) operations.

Mitigation: Examine the file types uploaded to the bucket, remove any unusual files, and limit access to authorized users only.

MITRE Tactic: TA0010 MITRE Technique: T1537

Multiple Buckets Created by a User

Summary: This alert gets triggered when multiple buckets are created in a short time by a single user. Note: in this alert, the threshold is set to more than 5 buckets created within a 20-minute timeframe.

Impact: Atypical creation of storage buckets could affect storage capacity and costs, and could serve as a means of storing malicious data, facilitating data exfiltration, and enabling unauthorized access.

Mitigation: It is advisable to examine the configuration settings of the storage bucket and the data being stored in it. Evaluate the configuration to ensure compliance with corporate best practices.

MITRE Tactic: TA0010 MITRE Technique: T1020

Multiple Buckets Deleted By a User

Summary: This alert gets triggered when multiple buckets are deleted in a short period by a single user. Note: in this alert, the threshold is set to more than 5 buckets deleted within a 15-minute timeframe.

Impact: A potential threat actor might intentionally erase a storage bucket to disrupt the business operations of their target. The impact would be data loss, operational interruption, database downtime, etc.

Mitigation: System or network administrators can delete storage buckets. Confirm whether the user email, resource name, and/or hostname align with the entities authorized to make changes in your environment. For critical data buckets, it is recommended to take a daily data backup.

MITRE Tactic: TA0040 MITRE Technique: T1485
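The two threshold rules above (more than 5 bucket creations in 20 minutes, more than 5 deletions in 15 minutes, per user) as a small sliding-window detector, written here as an added example rather than Coralogix's own alert logic. It assumes simplified audit-log records carrying a timestamp, the Cloud Storage audit methodName (storage.buckets.create / storage.buckets.delete) and the principal email; the sample records are constructed.

```python
# Added example (not Coralogix's alert implementation): replay the page's two
# per-user threshold rules over constructed GCP Cloud Storage audit-log records.
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds as stated on the page: alert when MORE THAN `limit` events from one
# principal fall inside `window`. Method names follow Cloud Storage audit logging.
RULES = {
    "storage.buckets.create": (5, timedelta(minutes=20), "Multiple Buckets Created by a User"),
    "storage.buckets.delete": (5, timedelta(minutes=15), "Multiple Buckets Deleted By a User"),
}

def detect(records):
    """Return [(alert_name, principal, count)] for each principal that exceeds a rule.

    records: dicts with 'timestamp' (ISO 8601), 'methodName', 'principalEmail'
    (assumed flattened form of protoPayload.methodName / authenticationInfo).
    """
    events = defaultdict(list)
    for r in sorted(records, key=lambda r: r["timestamp"]):
        if r["methodName"] in RULES:
            key = (r["methodName"], r["principalEmail"])
            events[key].append(datetime.fromisoformat(r["timestamp"]))
    alerts = []
    for (method, principal), times in events.items():
        limit, window, name = RULES[method]
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide window start forward
                start += 1
            if end - start + 1 > limit:
                alerts.append((name, principal, end - start + 1))
                break                          # one alert per principal per rule
    return alerts

def _rec(ts, method, who):
    return {"timestamp": ts, "methodName": method, "principalEmail": who}

# Constructed sample: alice creates 6 buckets in 10 minutes (fires); bob deletes 6
# buckets 5 minutes apart (never more than 4 inside any 15-minute window, no alert).
SAMPLE = (
    [_rec(f"2024-05-01T09:{m:02d}:00+00:00", "storage.buckets.create", "alice@example.com")
     for m in (0, 2, 4, 6, 8, 10)]
    + [_rec(f"2024-05-01T10:{m:02d}:00+00:00", "storage.buckets.delete", "bob@example.com")
       for m in (0, 5, 10, 15, 20, 25)]
    + [_rec("2024-05-01T11:00:00+00:00", "storage.buckets.create", "carol@example.com")]
)

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```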

Integration

Learn more about Coralogix's out-of-the-box integration with GCP Cloud Storage in our documentation.
